Adversarial attacks and mitigation for anomaly detectors of cyber-physical systems
The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2021
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/6438 https://ink.library.smu.edu.sg/context/sis_research/article/7441/viewcontent/adversarial_attacks_ijcip21.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-7441 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-74412022-01-10T06:27:36Z Adversarial attacks and mitigation for anomaly detectors of cyber-physical systems JIA, Yifan WANG, Jingyi POSKITT, Christopher M. CHATTOPADHYAY, Sudipta SUN, Jun CHEN, Yuqi The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites of attacks, but less consideration has been given to adversarial attackers that craft noise specifically designed to deceive them. While successfully applied in domains such as images and audio, adversarial attacks are much harder to implement in CPSs due to the presence of other built-in defence mechanisms such as rule checkers (or invariant checkers). In this work, we present an adversarial attack that simultaneously evades the anomaly detectors and rule checkers of a CPS. Inspired by existing gradient-based approaches, our adversarial attack crafts noise over the sensor and actuator values, then uses a genetic algorithm to optimise the latter, ensuring that the neural network and the rule checking system are both deceived. We implemented our approach for two real-world critical infrastructure testbeds, successfully reducing the classification accuracy of their detectors by over 50% on average, while simultaneously avoiding detection by rule checkers. Finally, we explore whether these attacks can be mitigated by training the detectors on adversarial samples. 2021-09-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/6438 info:doi/10.1016/j.ijcip.2021.100452 https://ink.library.smu.edu.sg/context/sis_research/article/7441/viewcontent/adversarial_attacks_ijcip21.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Cyber-physical systems industrial control systems anomaly detectors neural networks adversarial attacks testing defence mechanisms Information Security OS and Networks |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Cyber-physical systems industrial control systems anomaly detectors neural networks adversarial attacks testing defence mechanisms Information Security OS and Networks |
| spellingShingle |
Cyber-physical systems industrial control systems anomaly detectors neural networks adversarial attacks testing defence mechanisms Information Security OS and Networks JIA, Yifan WANG, Jingyi POSKITT, Christopher M. CHATTOPADHYAY, Sudipta SUN, Jun CHEN, Yuqi Adversarial attacks and mitigation for anomaly detectors of cyber-physical systems |
| description |
The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites of attacks, but less consideration has been given to adversarial attackers that craft noise specifically designed to deceive them. While successfully applied in domains such as images and audio, adversarial attacks are much harder to implement in CPSs due to the presence of other built-in defence mechanisms such as rule checkers (or invariant checkers). In this work, we present an adversarial attack that simultaneously evades the anomaly detectors and rule checkers of a CPS. Inspired by existing gradient-based approaches, our adversarial attack crafts noise over the sensor and actuator values, then uses a genetic algorithm to optimise the latter, ensuring that the neural network and the rule checking system are both deceived. We implemented our approach for two real-world critical infrastructure testbeds, successfully reducing the classification accuracy of their detectors by over 50% on average, while simultaneously avoiding detection by rule checkers. Finally, we explore whether these attacks can be mitigated by training the detectors on adversarial samples. |
| format |
text |
| author |
JIA, Yifan WANG, Jingyi POSKITT, Christopher M. CHATTOPADHYAY, Sudipta SUN, Jun CHEN, Yuqi |
| author_facet |
JIA, Yifan WANG, Jingyi POSKITT, Christopher M. CHATTOPADHYAY, Sudipta SUN, Jun CHEN, Yuqi |
| author_sort |
JIA, Yifan |
| title |
Adversarial attacks and mitigation for anomaly detectors of cyber-physical systems |
| title_short |
Adversarial attacks and mitigation for anomaly detectors of cyber-physical systems |
| title_full |
Adversarial attacks and mitigation for anomaly detectors of cyber-physical systems |
| title_fullStr |
Adversarial attacks and mitigation for anomaly detectors of cyber-physical systems |
| title_full_unstemmed |
Adversarial attacks and mitigation for anomaly detectors of cyber-physical systems |
| title_sort |
adversarial attacks and mitigation for anomaly detectors of cyber-physical systems |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2021 |
| url |
https://ink.library.smu.edu.sg/sis_research/6438 https://ink.library.smu.edu.sg/context/sis_research/article/7441/viewcontent/adversarial_attacks_ijcip21.pdf |
| _version_ |
1770575960496668672 |